<?
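	/**
	 * Admin module that lists, creates, edits, deletes and looks up rows of
	 * the `vhost` table (columns id_vhost, vhost_name, document_root).
	 *
	 * The action is read from $_GET['run'], its target from $_GET['was'] and
	 * the form fields from $_POST. All three are request-controlled, so every
	 * value is checked against an allow-list and/or escaped before it reaches
	 * SQL, and every database value is HTML-escaped before it is printed.
	 *
	 * NOTE(review): nothing in this class checks that the caller is
	 * authenticated or authorised, and "delete" is triggered by a plain GET
	 * link without an anti-CSRF token. Presumably the including page performs
	 * the access check - confirm, and consider moving state changes to POST
	 * protected by a per-session token.
	 */
	class mod_vhs
	{
		// MySQL link handed out by the 'portiqus' object stored in the session.
		private $db_link;

		public function __construct()
		{
			$this->db_link = $_SESSION['portiqus']->getDB();
		}

		/**
		 * Dispatches the request: no 'run' parameter shows the list, otherwise
		 * 'edit', 'delete', 'new' or 'check' is executed. Unknown actions do
		 * nothing.
		 */
		public function Run()
		{
			// Read the request once, without raising undefined-index notices.
			$action = isset($_GET['run']) ? $_GET['run'] : null;
			$target = isset($_GET['was']) ? $_GET['was'] : null;

			if ($action === null)
			{
				$this->_displayAll();
				return;
			}

			$vhost_name = isset($_POST['vhost_name']) ? $_POST['vhost_name'] : null;
			$document_root = isset($_POST['document_root']) ? $_POST['document_root'] : null;

			// True when both form fields were sent and are non-empty. Format
			// validation happens later, in the method that writes to the database.
			$form_filled = ($vhost_name !== null) && ($document_root !== null)
				&& ($vhost_name !== '') && ($document_root !== '');

			$has_target = ($target !== null) && ($target !== '');

			switch ($action)
			{
				case "edit":
					// An empty 'was' is still passed on so that it is rejected
					// by the id check instead of being silently ignored.
					if ($target !== null)
					{
						if ($form_filled)
						{
							$this->_doUpdateUser($target, $vhost_name, $document_root);
						}
						else
						{
							$this->_doEditUser($target);
						}
					}
					break;
				case "delete":
					if ($has_target)
					{
						$this->_doDeleteAt($target);
					}
					break;
				case "new":
					if ($form_filled)
					{
						$this->_doInsertUser($vhost_name, $document_root);
					}
					else
					{
						$this->_doAddNew();
					}
					break;
				case "check":
					if ($has_target)
					{
						$this->_doCheckUser($target);
					}
					break;
				default:
					break;
			}
		}

		/**
		 * Deletes the row with the given id and shows the list again.
		 * Terminates the request when the id fails validation.
		 */
		public function _doDeleteAt($id_vhost)
		{
			if (!$this->_isValidId($id_vhost))
			{
				$this->_reject();
			}

			$this->_query("DELETE FROM vhost WHERE id_vhost=" . $this->_sqlQuote($id_vhost) . ";");

			$this->_displayAll();
		}

		/**
		 * Inserts a new row and shows the list again.
		 * Terminates the request when either value fails validation.
		 */
		public function _doInsertUser($vhost_name, $document_root)
		{
			if (!$this->_isValidVhostName($vhost_name) || !$this->_isValidDocumentRoot($document_root))
			{
				$this->_reject("<br />");
			}

			$this->_query(
				"INSERT INTO vhost (vhost_name, document_root) VALUES ("
				. $this->_sqlQuote($vhost_name) . ", " . $this->_sqlQuote($document_root) . ");"
			);

			$this->_displayAll();
		}

		/**
		 * Updates name and path of the row with the given id and shows the
		 * list again. Terminates the request when any value fails validation.
		 */
		public function _doUpdateUser($id_vhost, $vhost_name, $document_root)
		{
			if (!$this->_isValidId($id_vhost)
				|| !$this->_isValidVhostName($vhost_name)
				|| !$this->_isValidDocumentRoot($document_root))
			{
				$this->_reject();
			}

			// The id is escaped like the other values even though it already
			// passed the digit check, so every query is built the same way.
			$this->_query(
				"UPDATE vhost SET vhost_name=" . $this->_sqlQuote($vhost_name)
				. ", document_root=" . $this->_sqlQuote($document_root)
				. "  WHERE id_vhost=" . $this->_sqlQuote($id_vhost) . ";"
			);

			$this->_displayAll();
		}

		/**
		 * Prints all rows as an HTML table with edit/delete links, followed
		 * by the list of available actions.
		 */
		public function _displayAll()
		{
			$result = $this->_query("SELECT id_vhost, vhost_name, document_root FROM vhost ORDER BY id_vhost;");

			?>
				<div id="inhalt">
					<table border="0" cellpadding="0" cellspacing="0">
						<tr align=left><th width=50>id</th><th width=200>Name</th><th width=300>Pfad</th></tr>
					<?php
						while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
						{
							// Database values are treated as untrusted when rendered:
							// rows may have been written by something other than this module.
							$id_text = $this->_escapeHtml($row['id_vhost']);
							$id_link = $this->_escapeHtml(rawurlencode($row['id_vhost']));

							print "<tr height=15>";

							print "\t\t<td align=left>" . $id_text . "</td>\n";
							print "\t\t<td align=left>http://" . $this->_escapeHtml($row['vhost_name']) . "</td>\n";
							print "\t\t<td align=left>" . $this->_escapeHtml($row['document_root']) . "</td>\n";

							print '<td><a href="?action=mod_vhs&run=edit&was=' . $id_link . '">edit</a> <a href="?action=mod_vhs&run=delete&was=' . $id_link . '">delete</a></td></tr>';
						}

						mysql_free_result($result);
					?>
					</table>
				</div>
				Verf&uuml;gbare Aktionen:<br>
				&nbsp;<a href="?action=mod_vhs&run=new">eine neue Webdomain anlegen</a><br>
				oder<br>
				&nbsp;eine vorhandenen Webdomain editieren:<br><br>
			<?php
		}

		/**
		 * Prints the empty form for creating a new entry.
		 */
		public function _doAddNew()
		{
			?>
			<div id="inhalt">
				Hier kann eine neue E-Mail Domain eingetragen werden. Es werden nur Domains akzeptiert,<br />
				die noch nicht in der Datenbank stehen.<br />
			<br><br>
				<form method="POST" action="#" name="neuer_account" onsubmit="return domain_check();">
					<table border="0" cellspacing="3" cellpadding="0" width="550">
						<tr><td>Webdomain</td><td align="right"><input type="text" name="vhost_name" value="" size="50" maxlength="150"></td><td></td></tr>
						<tr><td>lokaler Pfad</td><td align="right"><input type="text" name="document_root" value="" size="50" maxlength="150"></td><td></td></tr>
						<tr><td></td><td></td><td align=right><input class="createb" type="submit" value="Erstellen"></td></tr>
					</table>
				</form>
			</div>
			<?php
		}

		/**
		 * Prints the edit form pre-filled with the row for the given id.
		 * Terminates the request when the id fails validation; an id that
		 * matches no row yields a form with empty fields.
		 */
		public function _doEditUser($id_vhost)
		{
			if (!$this->_isValidId($id_vhost))
			{
				$this->_reject();
			}

			$result = $this->_query(
				"SELECT id_vhost, vhost_name, document_root FROM vhost WHERE id_vhost="
				. $this->_sqlQuote($id_vhost) . ";"
			);
			$row = mysql_fetch_array($result, MYSQL_ASSOC);
			mysql_free_result($result);

			// Escaped for an attribute context; ENT_QUOTES keeps a stored quote
			// from closing value="..." early.
			$vhost_name = $row ? $this->_escapeHtml($row['vhost_name']) : '';
			$document_root = $row ? $this->_escapeHtml($row['document_root']) : '';

			?>
				<div id="inhalt">
			<br><br>
				<form method="POST" action="#" name="neuer_account" onsubmit="return domain_check();">
					<table border="0" cellspacing="3" cellpadding="0" width="550">
					<tr><td>Webdomain</td><td align="right"><input type="text" name="vhost_name" value="<?php print $vhost_name; ?>" size="50" maxlength="150"></td><td></td></tr>
					<tr><td>lokaler Pfad</td><td align="right"><input type="text" name="document_root" value="<?php print $document_root; ?>" size="50" maxlength="150"></td><td></td></tr>
					<tr><td></td><td></td><td align=right><input class="createb" type="submit" value="Aktualisieren"></td></tr>
					</table>
				</form>
			</div>
			<?php
		}

		/**
		 * Looks up a row by name and prints its name and path back to back;
		 * prints nothing when no row matches. The name is escaped for SQL
		 * only, it is not checked against the vhost-name pattern.
		 */
		private function _doCheckUser($vhost_name)
		{
			$result = $this->_query(
				"SELECT vhost_name, document_root FROM vhost WHERE vhost_name="
				. $this->_sqlQuote($vhost_name) . ";"
			);
			$row = mysql_fetch_array($result, MYSQL_ASSOC);
			mysql_free_result($result);

			if ($row)
			{
				print $this->_escapeHtml($row['vhost_name']) . $this->_escapeHtml($row['document_root']);
			}
		}

		/**
		 * True when $value is a one- or two-digit id.
		 *
		 * NOTE(review): the two-digit limit means rows with id 100 or higher
		 * are listed but cannot be edited or deleted - confirm this is intended.
		 */
		private function _isValidId($value)
		{
			return $this->_matches('/^[0-9]{1,2}\z/', $value);
		}

		/** True when $value consists only of letters, digits, dots and hyphens. */
		private function _isValidVhostName($value)
		{
			return $this->_matches('/^[0-9a-zA-Z\.\-]{1,}\z/', $value);
		}

		/**
		 * True when $value consists only of letters, digits, dots, hyphens
		 * and slashes.
		 *
		 * NOTE(review): this still admits ".." segments and relative paths.
		 * How the stored path is consumed is not visible here - confirm
		 * whether it has to be restricted to an absolute path below a fixed
		 * base directory.
		 */
		private function _isValidDocumentRoot($value)
		{
			return $this->_matches('/^[0-9a-zA-Z\.\-\/]{1,}\z/', $value);
		}

		/**
		 * Runs an anchored allow-list pattern against a request value.
		 * Patterns end in \z rather than $, because $ also matches just
		 * before a trailing newline and would accept "name\n". Arrays and
		 * other non-scalar input (e.g. ?was[]=1) are rejected outright.
		 */
		private function _matches($pattern, $value)
		{
			if (!is_string($value) && !is_int($value))
			{
				return false;
			}

			return preg_match($pattern, (string) $value) === 1;
		}

		/** Returns $value as a quoted SQL string literal for this connection. */
		private function _sqlQuote($value)
		{
			// mysql_real_escape_string() honours the connection's character
			// set, which the deprecated mysql_escape_string() does not.
			return "'" . mysql_real_escape_string((string) $value, $this->db_link) . "'";
		}

		/** Escapes a value for HTML text and quoted attribute contexts. */
		private function _escapeHtml($value)
		{
			return htmlspecialchars((string) $value, ENT_QUOTES);
		}

		/**
		 * Executes a query and returns its result. On failure the database
		 * error is written to the server log and the request ends with a
		 * generic message, so schema and query details are not sent to the
		 * client.
		 */
		private function _query($query)
		{
			$result = mysql_query($query, $this->db_link);

			if (!$result)
			{
				error_log("mod_vhs: query failed: " . mysql_error($this->db_link));
				die("Anfrage fehlgeschlagen.");
			}

			return $result;
		}

		/** Prints the rejection message for input that failed validation and stops. */
		private function _reject($suffix = '')
		{
			print "Achtung SQL-Injection: Bitte lass das!" . $suffix;
			exit;
		}
	}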
?>